Cphulk - not blocking "[WARNING] Sorry, cleartext sessions and weak ciphers" IPs

SactoBob

Active Member
Aug 15, 2015
33
5
58
Sacramento
cPanel Access Level
DataCenter Provider
My servers don't accept clear sessions or weak ciphers on my FTP ports. I constantly see bots (sometimes multiple ones) hitting pure-ftpd in my logs for hours. IE:

pure-ftpd: ([email protected]) [INFO] New connection from 154.89.5.82
pure-ftpd: ([email protected]) [WARNING] Sorry, cleartext sessions and weak ciphers are not accepted on this server.#012Please r


Sometimes I'll manually block it as Cphulk doesn't appear to do anything with them.

1. Is there a way to have Cphulk block this?

If not, I see others have installed fail2ban as a secondary measure for things that CPhulk doesn't cover?

2. Is that still the acceptable method?

I've used fail2ban on other servers, but not cPanel.

3. Do the two play ok together?

I'd assume so it's just another log monitor with additional rules, cpanel has an article about installing it (simple), which I'd figured if there was an issue they'd mention it there.

Thank you,

-sactobob
 

cPanelAnthony

Administrator
Staff member
Oct 18, 2021
1,051
106
118
Houston, TX
cPanel Access Level
Root Administrator
Hello! cPHulk can prevent logins to various cPanel-related services, but won't necessarily stop FTP login attempts like this. It should be possible to use something like fail2ban or CSF firewall; both are known to work fine with cPHulk. Please note that we do not support CSF or fail2ban at cPanel; they have plugins that should work, but we cannot guarantee this.

Which firewall software should I use?
 

SactoBob

Active Member
Aug 15, 2015
33
5
58
Sacramento
cPanel Access Level
DataCenter Provider
I tried CSF once a few years ago and it decided it was too much for me. I've used fail2ban on several other servers and it's fairly straight forward. I'll see about installing that.

Thanks for the reply and advise.

-Bob
 
  • Like
Reactions: cPanelAnthony